Dont set credentials by default for ajax requests. Fixes issue #261

author: Manolo Carrasco <manolo@apache.org> 2014-01-27 11:40:32 +0100
committer: Manolo Carrasco <manolo@apache.org> 2014-01-27 11:40:32 +0100
commit: 6df7c6a8f2461d918d305c883985023d9d05b43d (patch)
tree: 38fa823c68074e2010ef2857da831575c486abb3 /gwtquery-core/src/test/java
parent: f4b20ca9e43b603979fbe89d73d8c662dbd01af2 (diff)
download: gwtquery-6df7c6a8f2461d918d305c883985023d9d05b43d.tar.gz
gwtquery-6df7c6a8f2461d918d305c883985023d9d05b43d.zip
3 files changed, 49 insertions, 2 deletions
diff --git a/gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTestJre.java b/gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTestJre.java
index abe00e30..1167651d 100644
--- a/gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTestJre.java
+++ b/gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTestJre.java
@@ -49,6 +49,7 @@ public class AjaxTestJre extends AjaxTests {
     
     echoUrl = localDomain + "/" + servletPath;
     echoUrlCORS = corsDomain + "/" + servletPath + "?cors=true";
+
     startWebServer(port);
   }
   
diff --git a/gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTests.java b/gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTests.java
index f6a064c5..ee3005c9 100644
--- a/gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTests.java
+++ b/gwtquery-core/src/test/java/com/google/gwt/query/client/ajax/AjaxTests.java
@@ -15,6 +15,8 @@
  */
 package com.google.gwt.query.client.ajax;
 
+import junit.framework.Assert;
+
 import com.google.gwt.http.client.Response;
 import com.google.gwt.junit.DoNotRunWith;
 import com.google.gwt.junit.Platform;
@@ -119,7 +121,49 @@ public abstract class AjaxTests extends GWTTestCase {
       .setData(jsonGET)
       .setDataType("json");
 
-    performAjaxJsonTest_CORS(s);
+    performAjaxJsonTest_CORS(s)
+      .done(new Function() {
+          public void f() {
+            Response r = arguments(3);
+            Assert.assertNotNull(r.getHeader("Access-Control-Allow-Origin"));
+            Assert.assertNull(r.getHeader("Access-Control-Allow-Credentials"));
+          }
+        });
+  }
+  
+  @DoNotRunWith(Platform.HtmlUnitBug)
+  public void testAjaxJsonGet_CORS_WithCredentials_Supported() {
+    Settings s = Ajax.createSettings()
+      .setType("get")
+      // Enable credentials in servlet 
+      .setUrl(echoUrlCORS + "&credentials=true")
+      .setData(jsonGET)
+      .setDataType("json")
+      .setWithCredentials(true);
+
+    performAjaxJsonTest_CORS(s)
+      .done(new Function() {
+        public void f() {
+          Response r = arguments(3);
+          Assert.assertNotNull(r.getHeader("Access-Control-Allow-Origin"));
+          Assert.assertNotNull(r.getHeader("Access-Control-Allow-Credentials"));
+        }
+      });
+  }
+  
+  @DoNotRunWith(Platform.HtmlUnitBug)
+  public void testAjaxJsonGet_CORS_WithCredentials_Unsupported() {
+    Settings s = Ajax.createSettings()
+      .setType("get")
+      // Disable credentials in servlet 
+      .setUrl(echoUrlCORS)
+      .setData(jsonGET)
+      .setDataType("json")
+      .setWithCredentials(true);
+    
+    Ajax.ajax(s)
+      .fail(finishFunction)
+      .done(failFunction);
   }
   
   public void testAjaxGetJsonP() {
diff --git a/gwtquery-core/src/test/java/com/google/gwt/query/servlet/GQAjaxTestServlet.java b/gwtquery-core/src/test/java/com/google/gwt/query/servlet/GQAjaxTestServlet.java
index 5152de4c..b00d2469 100644
--- a/gwtquery-core/src/test/java/com/google/gwt/query/servlet/GQAjaxTestServlet.java
+++ b/gwtquery-core/src/test/java/com/google/gwt/query/servlet/GQAjaxTestServlet.java
@@ -61,7 +61,9 @@ public class GQAjaxTestServlet extends HttpServlet {
     String origin = req.getHeader("Origin");
     if ("true".equals(req.getParameter("cors")) && origin != null) {
       resp.addHeader("Access-Control-Allow-Origin", origin);
-      resp.addHeader("Access-Control-Allow-Credentials", "true");
+      if ("true".equals(req.getParameter("credentials"))) {
+        resp.addHeader("Access-Control-Allow-Credentials", "true");
+      }
       String method = req.getHeader("Access-Control-Request-Method");
       if (method != null) {
         resp.addHeader("Access-Control-Allow-Methods", method);
author	Manolo Carrasco <manolo@apache.org>	2014-01-27 11:40:32 +0100
committer	Manolo Carrasco <manolo@apache.org>	2014-01-27 11:40:32 +0100
commit	6df7c6a8f2461d918d305c883985023d9d05b43d (patch)
tree	38fa823c68074e2010ef2857da831575c486abb3 /gwtquery-core/src/test/java
parent	f4b20ca9e43b603979fbe89d73d8c662dbd01af2 (diff)
download	gwtquery-6df7c6a8f2461d918d305c883985023d9d05b43d.tar.gz gwtquery-6df7c6a8f2461d918d305c883985023d9d05b43d.zip